Home
Contribute Contact Us Browse all meetings
Home Contribute Contact Us Browse all meetings
Kubernetes / SIG Cluster Lifecycle / 1 Dec 2020
Kubernetes / SIG Cluster Lifecycle / 1 Dec 2020
Previous Meeting Next Meeting
Add meeting Rate page Subscribe
youtube image
From YouTube: 20201201 sig cluster lifecycle

Description

Kubernetes SIG Cluster Lifecycle for 12/1/2020

A

Hello today is december 1st 2020., uh it's been a while sorry, I haven't been able to attend for a while, but this is the standard. Sequester lifecycle call um uh taking a look at the dock and seeing what the agenda is. There's a couple things I do know that we should talk about, one of which is going to be getting the sub project.

A

The developer track stuff going for kubecon eu. Let me share my screen.

A

Hopefully, folks can see my screen. Yes, no, maybe so.

A

Yes, okay, so um let's walk.

B

Down here.

A

um The mirror, I think this is the first topic. I forwarded the email. Let's start talking about it,.

C

Yeah, so the cncf is uh opening the floor for more people to participate in the call for paper. Slash cover proposal, submission review process and uh potentially this was only sent to the sig lead mailing list, but we can uh like delegate to others who wish to participate in the review.

C

I don't have to be a lead exactly according to us, uh so if anybody wants to, they can engage with the cncf, there's a form that you can feel. You can say that you represent sequel's life cycle and you can be a reviewer for the cfp for the next cubecom.

A

uh Is there any? I should take a look here.

C

But yeah, I think they summarized how much effort will be required. I think the numbers are reasonable.

C

Like okay, 18 hours for 100 proposals is fine.

A

Yeah, but the the question I have is like this is people's time. You know, and there should be some kickback, like uh the benefits of me in the program today. This is the part that I was looking for.

C

So the hundred percent, uh like uh benefit, uh is, if you do the 100 to 200 proposal review. I I think this is okay. This is reasonable.

D

Plainly, two people should team up if they want to do 50 because then get an extra hundred dollars.

A

Yeah and because is kubecon eu going to be all virtual again. Is that been fully stated? I don't know what the timeframe is. This may so.

E

Maybe.

B

Yes,.

A

It's going to be.

B

Fully virtual.

A

All right so that all seems legit fine. uh Maybe the ask here should be folks to go talk with their individual sub projects. The subproject leads, can talk with different groups and figure out if they're interested in wanting to that was the whole purpose of this psa thing.

A

Talk with the individual subprojects, see if they're interested in engaging does anyone here have bandwidth and want to engage.

E

I'm thinking to get into this too.

B

As long as I'm going to go ahead and check with internally in my org, but as long as there's no objections from them, I'll probably also put my name in the hat too.

F

I'm just restructuring this a little.

F

Bit.

A

All right, so all the details are here: I would send out the information so fill out the form or whatever and try to talk with the individual sub-projects. So if you're a sub-project lead, please talk with the rest of the people if they're interested in engaging because there are kickbacks, you know it's always hard. When somebody says you want to volunteer for this and there's no incentive to do so. um But there is least some incentive.

A

Is there anything else that you want to talk about with regards to this.

C

uh I just wanted to mention that like reading 100 abstracts may seem a lot, but it's really not that much. I really it's not clear to me. What is the exact criteria? Maybe another entity after you will get the submissions that you approved. I don't know the exact details about the process. They link to a separate document which I found.

A

Yeah, I do know that it goes through a couple of rounds and it's, it seems to me like this is the first round filter and then they they score ranking after that. But.

A

Maybe we can follow up next time and get some more details. uh Maybe we can ask uh stephen augustus uh to see if uh what the process is uh just to get some feedback.

A

Does that seem like a good idea.

C

Yeah, I I think we should just read the document that they linked, because it explains the details. I I'm just saying that I haven't read it so.

B

Yeah, this is the.

C

Program committee responsibilities: I'm pretty sure that steven s is like the second entity that I talk about steven is somebody else is responsible for reviewing your uh approvals right.

E

There is a review portal where you go, you give scores and then probably your score gets merger with someone else.

A

Yeah.

D

Yeah, I also, I don't think it's uh purely score based because, for example, if the top two talks were identical, they would pick one of them. Presumably, hopefully, the higher ranked one, but uh you know like there is there is a uh track uh session, which is not purely algorithmic but is aiming to produce a good breadth of content as well, but it uses this as the as the input.

C

And I think the deadline is next week.

G

I think fourth is the closing date, so it should be after that.

C

Okay, so yeah it's one way.

A

All right, so uh is this horse been sufficiently beaten.

C

Yeah, if somebody has questions, I I think we already uh tim, already sent the email to the sequence lifecycle mailing list. We should open a discussion there if somebody has questions just email, the the same thread so.

A

Yeah, all right uh should we go on to sub project readouts. Are there any other group topics that folks want to discuss.

A

Once twice three times right, uh some project readouts uh the mirror.

C

uh For qb, we found some bugs in the core dns migration library. uh I also wanted to show this because I know the costa rica is using the same code or at least a similar variant of the code. Basically, this issue that I mentioned in the dock unraveled a number of bugs that are in the coordination, migration coding, cubanium and uh at least a couple of pr's were already sent. One of them was backported to 119 as well.

C

Eventually, we want to move coordinates to an external addon, whether it's an operator or something else. This will help us potentially just bump a version of an image and that's it, but now we have to go through the whole milestone uh and backboard process, because of some of these bugs and potentially quasar api can also consume the same uh add-on, because uh otherwise we now have to maintain like two separate instances of the logic.

A

I generally agree.

A

We've always wanted to get it out of the core like we wanted to move everything out of core crew bdm bits. If we could right.

C

Yeah, um just what is what is the status of the coordinate operator integration that we adapted for corps by the way.

D

uh Still in progress, uh we had some strong feedback that uh the operator model. We need to tighten up the operator model, both in terms of our back permissions granted to the operator and in terms of being able to have predictability of what actually gets run in the cluster and so you'll see some changes going into cluster add-ons to essentially refactor uh things.

D

I think we have a better back model for it and to refactor um a large manifest into sort of on our back component and uh a um deployment, the actual like thing itself, um and that means that the operator needs very few- are back permissions and doesn't actually significantly change the deployment model. um The other piece is, I think, trying to give predictability, um and so there's also some attempt to try to understand what an operator will do, um at least for some simple cases and that uh relates.

D

uh There's a evan cordell from red hat or yeah. Red hat uh has a uh pr around um dis. uh I guess using containers as the a delivery mechanism for manifests using images as a delivery mechanism for manifests. I will put that in the notes when I found the link, but that's one approach to how you would discover what is in an operator type thing.

D

So it sort of got it got complicated. It's probably the tldr.

C

Up so potentially these uh like expanded, uh undesired, uh are back uh rules. Are they the artifact of the operator framework or like some.

D

Yeah, the the core problem was uh in order to create a, I want to say role or cluster role, but in order to create our back objects, you essentially need all the permissions that you are creating, and so the operator inherited a superset of these permissions.

D

um uh The google summer of code participant this year, satoshi uh basically realized. You don't need to do that.

D

Instead, you can pre-create the rbac roles at the same time as you're, creating the operator, and it doesn't actually change the deployment uh scenario, because if you were to change, if you were to expand the rack rolls anyway, you would need to redeploy the operator with those expanded, rx roles in order to apply the permissions anyway. So it doesn't change anything, and so we might as well just pre-create them, which then means that in this model, the operator needs very few permissions or much much fewer. Many fewer permissions.

C

I see, but how would the the person that is deploying the operator? How would they know what permissions we need? Yeah.

D

So we need, we would provide in the operator manifest the manifest for the operator. We would provide uh both the deployment or stateful set for the operator and uh the are about permissions. They would need to um pre-create, and so we end up with this notion of like slicing up uh a manifest in these ways which we haven't done in the past and I've I've pr'd a sort of tool that might help with that.

D

I don't know if anyone else has any good tools to like enable slicing, essentially a bunch of yaml by kind and things like that and manipulating it, but that's sort of where we're going with that.

C

Okay and uh potentially, this is this- requires changes in both the underlying framework and also the coordinates operator in quest release itself like.

D

It actually doesn't require that many changes uh it. It would require changes to the manifests uh to sort of move stuff from one to the other, um like from the the operator from the core dns, manifest as it were, to the operator manifest um and uh but essentially you would give it read access to the cluster roles and it would verify that they exist and the library is maybe some changes to the underlying library, but actually there aren't even that many changes uh required to the the kubota declarative pattern.

D

Libraries there aren't even that many changes required to that.

D

Okay, let's see but but generally we'd love to like figure out what what the I'm going to look at this issue, we'd love to get it make progress on the kube adm integration as well. I feel, like people have sort of felt in the past that they have uh got a bit stuck and so even prioritizing chaops first, but if we can get into cuba dm first, that would be. That would be wonderful too.

C

Yeah we uh we just didn't make the decision. uh The core dns operator was presented some time ago, but we, I think the main questions were. How do you upgrade the you know the manifest on disk that the user modified to deploy a custom configuration of the operator, and we had a discussion with questrano's project about that there are some we just don't know yet how to properly upgrade operators. I guess I also saw this page.

C

I think it was on a red hat's website that about the operator framework, that upgrading operators in general is not that easy of a task like how do you upgrade the ammo.

C

I wonder like before even the cops or cuba dm integration, I wonder if we should like revisit this topic again. It's a complicated one.

D

I agree I mean, I think the the answer is, it does become the uh responsibility of kubernetes or or cops chaos to to upgrade the operator, and I think the advantage of an operator is um the operator doesn't have any magic dependencies. In other words, it should, it should purely be a coupe cuddle apply upgrade there should be no other like sequencing, like the rule of the operator, should not require like complicated logic.

D

The operator itself should not require a complicated logic to upgrade, and you use the permissions you have as the orchestrator of the cluster uh to avoid, for example, if we had a if we had an operator operator, the operator operator would need basically cluster admin and essentially the cube adm would be the operator operator, because we assume you effectively have plus your admin, but you could certainly write an operator operator if you wanted to.

C

Yeah, it's an infinite whoop of maintenance burden. I okay. I wonder if, if this I was wondering if the operator contains a version like a version format like, can we feed this to an endpoint that can be converted and sent back to the user uh like somehow you use that.

D

The the two models uh for um there's one model where we essentially execute it directly execute the operator in a one-shot model to output the ammo to standard out or something.

D

The other model is that we gloss over the fact that the operator can make changes to the manifest and look at where the operator is pulling from and while the initial version of operators only supported operators on disk in the container image. Now we support a variety of sources. We support https, git and shortly uh evan's uh image uh distribution mechanism.

D

So I don't know, I don't know which one of those like do we care about the what people the feedback we got so far was that the the main thing that people care about is the actual image and not necessarily the details around the image. um So it would suffice.

D

Assuming you didn't change the image which I don't think operators are going to do. It would suffice to um to look at the underlying manifest, but we could also support a one-shot mode. We just haven't pulled on that thread. Yet.

G

So what you're saying is, it is binary level our source level are, but both of them based on the versioning right. At the end of the day, it is the versioning with the githubs that makes the difference in the uh upgrades updates, which is needed for this.

D

Yeah, the the the operator should draw from the um from the version specified and we're going to have a uh fairly straightforward mapping to things that could the cuba dm or cops or any other consumer could themselves do the same mapping to find the underlying manifest, because it's all in the same field, and it follows a node format. um So we'll have a library or something.

A

Yeah I want to table this because I think one of these things should really start to tie through proposals like an ideal state.

A

I think that we should take this because it's going to affect so many things and really have it written down uh would be good for our own mental health, at least my own mental health, because, as I try to manage twelve thousand things at once, uh I'll be able to refer to a document and make sure that I'm not seen hell yet uh getting there, though, does anyone wanna is who should take point on starting to write this proposal.

C

I mean it feels like me, justin and uh potentially the core dns maintainers. We should take points from that.

D

Okay, yeah I'm happy to do that as well. Yeah.

E

I have some curiosity about the responsibility about her back, but we can discuss on the proposal. I I only want to point out that there is an issue I will link in the document in kuben mean where we started to discuss a potential plug-in model uh to allow basically to choose between which dns or which proxy you want to use.

D

Thank you, take a look and I'll also put in evan's cap.

C

Yeah this is uh this is an idea that fabricio brought that maybe cubed yam at least addons can be plugins uh in the way cubecoro is doing plugins. They can just be binaries that live on the nodes.

C

uh Instead of using the operator pattern for addons, it's a completely different, take on others, of course, but it it has its own cavities like how do you if the addon is external? How do you distribute it to users if it's a corado, especially.

D

uh Just I know we don't sorry just to riff on that idea. uh If we had a one shot mode in the operator uh whereby so you would specify the image name. Maybe we could make that work where, uh like it, also solves the distribution problem right and that we know how to distribute images, and you would run the operator on one shot mode and you'd have some protocol but you'd get it on standard out and then you would have your manifest ready to to go.

D

But yeah that sounds like a good. That's a great topic! Thank you.

C

Can you explain like one shot mode, I'm not sure. Oh.

A

It's basically, this is something that red hat has talked about many times in the past is you're, basically containing all the metadata about. It's like. I know that I know myself. So when you run it's basically saying this is what I am and it contains the manifest itself that it would be distributing. So, instead of you having to actually deploy a manifest, you can actually just you run a single container. That knows what it is. That container then drops the manifest or applies it, but that's very meta.

A

The problem with doing it outside the cluster is easier than doing it inside the cluster, because, if you do it inside the cluster you're granting it's basically like you're granting root, because they need to be able to do everything.

D

That's that's right and we call it one shot, because a typical operator will repeatedly reconcile. Whereas one shot is one and done type thing. It outputs it to standard out rather than repeatedly.

E

Reconciling just to give a bit of background, the issue I'm talking about is taking uh uh another problem, which is that in kubernetes today the user are count, are used to uh integrated experience between the control, plane and and add-ons. So you use the same config, for instance, to to set up the image repository for also for the dawns. So there is a kind of integration between what is control plane and what is a done, and this issue proposal model to let the dawns outwards to basically plug in into this integrated uh user experience.

E

This is the problem that that we were trying to solve. Then using this integrated way to install addons, you can install addons, which are based on operators or not, but these, let me say the result of the operation. The issue is more concerning how you do the.

E

Operation.

C

Yeah, the the plugable model is really nice.

C

It's it requires some interfacing between cubed m, the deployer and the add-on, and the other has to implement the same interface to support it.

A

All right, why don't we table this? I'm really excited to read a proposal and to have uh the cat fight where I can read the different ideas, uh because I think we could just like gaze into the abyss uh on this topic for a while. So why don't we move along? That was basically the cubadiem update uh that that basically focused entirely on core genus uh and then goes into operators. Then talks about the existential meaning of life um uh anyways it's to pass butter, so the uh do.

A

Is there any other medium update, or should we move on to other updates? Oh that's! Just very much! Okay! Justin! You want to talk about cops.

D

Certainly, uh thank you. Yes, we are. We are trying to uh do a mini rebrand uh to change from cops to k-ops, uh emphasizing ops, de-emphasizing cops. It feels like the a good thing to do, uh given our political climate um and also ops, is like it's more, it's more like what it is and it's like you know, it's one dedication to a re-rant. uh So if you see me saying chaos, that is uh why I started saying chaops and uh are they more technical news?

D

We are sort of a little bit we caught up and now we're a little behind the ball on getting. uh I think, 119 out um we're having some challenges around the authentication things which we've talked about in previous weeks, but we are basically trying to get uh 119 uh through the process and trying to pick the least worst bad things to make that happen.

A

How goes the integration with cluster api and other sub projects within.

D

Chaops thank you uh tabled for now uh trying to get like. Whenever we get behind the ball. We we everything else, sort of falls by the wayside, but uh it is very much something I'm interested in and um yeah we just haven't had a lot of time for it.

A

Any questions comments, complaints.

D

Concerns other than that you don't like the new name.

A

I I don't have opinions really I'm fine with the apps it just requires. Like you know, mental. You know checking myself because I've said it for years now. So.

D

We're being we're being uh relaxed about people using uh older new names.

A

um Does anybody want to talk about cluster api? I know they're working on v1, alpha, 4, stuff.

A

All right, I will, I know they have a meeting later on today I'll ask vince to drop an update here and poke him about uh getting back engaged in this. He might not know about the time switch. Yet this is the first one where the time switch for a second one. I don't recall, I think it's the first one, all right. So, let's, let's reach out to the sub projects, to uh re-verify uh range, to target one thing only and uh see if they respond, my hunt for red october humor is lost on people now.

A

So uh it's too early uh mini cube.

H

uh Yeah, oh I'm not gonna, add that in uh we released 1 15 two weeks ago right before kubecon.

H

um It mostly it supports the newest 120 beta, and it makes our json output more robust so that you can ingest output in an embedded environment better. uh It supports it, provides better support for parallels as a vm driver as well and um and it adds a new feature called scheduled stop. So you can basically ask minicube to stop in 10 minutes, while you're deconstructing, whatever environment you want um and then we'll just automatically in a cron delete clean up everything whenever you want so.

A

I I know there was a driver for minicube for cluster api. That folks were working on potentially does. Is that anywhere.

H

uh So we never so that was never. We never drove that particular effort, so that this is one of those things where we'll always accept like external prs, but that was nothing we ever worked on.

A

But you do nested you. I do recall folks, supporting nesting clustering with mini cube nowadays. Is that correct, yeah yeah.

A

And the long-standing legacy of kind and mini cube have any? Has there been any?

A

We.

H

Haven't we haven't really talked to kind like that much that recently, um the the the code for our docker driver is less and less resembles. What kind does uh over time we we write our own uh base image. Now, that's not based on kind at all, or it won't be based on kind soon, and so that's uh if that was the the concern. um Otherwise we haven't really. We haven't really talked recently.

A

The reason I ask is that the projects overlap in their user stories- yeah you know, and ideally, in the fullness of time, I would love to have like a single tool that takes the best ideas and kind of melts them down, because I see no reason to have n tools when, when the user stories overlap so much now the test, automation and the simplicity of some things, uh I think, would be great to sort of channel, because I you know at the time mini cube, didn't support it, so kind existed out of necessity yeah, but I think that in the fullness of time I would love to see these projects communicate.

A

More and kind of I don't know.

H

Melt into one yeah, I think that our we've never focused on testing kubernetes as like a use case for for mini cube. Now that mini cube, spins up pretty fast and supports non-vm drivers like there's nothing stopping us it's just. It's never been a priority for us, um but yeah. I I don't. I don't disagree with that. Also kind's part of sick testing. I think, which is a little bit like it.

A

Is yeah um you know I should talk. I should talk with ben and reach out and see where he's at with things, because I don't I would love to get his take on.

A

You know what the delta is and whether it makes sense in the fullness of time or whether it makes more sense to collapse things into one.

H

Yeah yeah, I I don't disagree with that at all.

C

There's a problem that, like you mentioned, it was created in a separate sig that wanted to just push things as fast as possible to get something working and now all project growth projects not only have separate six, but all them, but they also have separate brands established in the community. Minicube is a brand kind. It's a brand, so tearing down a brand will require.

G

Some.

B

Effort.

C

In changes uh but yeah, I would agree that, ideally uh originally maybe stick testing should have went to mini cube and contributed the docker driver directly and we can use testing yeah.

H

That was, I mean the the docker driver took like six months to write, just because of our our, uh like our existing code base was not support, like was not ready for it, but so I understand why no one took that on externally, but I don't disagree.

A

Yeah this has been an old saw of mine. Maybe I should, in my infinite free time, which is consumed entirely by zooms. I can try to reach out to ben and see what uh his thoughts are.

H

Yeah, we're always welcome we're, always open to like meeting with ben. That's that's not a problem.

A

um I'd be very interested in uh cluster api drivers for this, because they do a docker implementation which actually doesn't use even kind. It uses portions of kinds library to be able to do this. That's.

B

The.

A

Test automation, stuff I'd really like to see stuff leveraged across the board, so, like all of the c cluster lifecycle tools, you know like have this virtual cycle, this feedback loop, where virtuous cycle, uh where they're testing you know they're using tools to test the other tools that you know helps to harden the whole story. So.

G

All right, uh any other questions, comments, complaints concerns. So when you mention tools, what tools are you talking about? Is it the testing of the kubernetes uh cluster, or is it the services associated with that?

G

It's very different.

B

Kind.

G

Of.

A

It's the same cluster lifecycle, tooling, we've autumn necessity. Different tools, use things based upon the history, so, like cops, still has their own bootstrapping mechanism and other aspects of it right. Ideally, I would love to see this melted down in the fullness of time, where we we do strict layering, where the job of bootstrapping is one tool. The job of uh you know, provisioning a cluster is one tool. The job of provisioning. Multiple clusters is another tool and they all kind of use uh the layers below it. uh Instead, we kind of have this weird.

A

I don't even it's like a it's, a weird ball of yarn, built out of necessity because of the issues and timing of everything for the most part. So you know different projects were at different states uh in the past, but I think there we are at a state now where we can do these things. It's just a question of. If do we have the resourcing and the capability to make that happen?

A

uh I think before it was. We couldn't do these things yet, but we are definitely at the state where we could. If we had, you know, magical resources for the universe.

A

And I think I think it would for the community's perspective, it would make their lives so much easier. To be honest, just.

H

Have one tool yeah, of course that's my question.

A

Yeah because the community is like what do I use and be like well, we have an answer for that. We have the layers, use this tool for this layer that tool for that layer. It's all composable.

A

So does that answer your question? Prakash.

G

Yeah you do thank you.

A

All right um does anyone want to give any more subproject updates, or should I try to wrangle other folks uh for other stuff next time, so we still have uh cluster api. We have all the other stuff, that's not on the list.

A

Nobody anybody bueller all right so I'll, try to reach out uh to folks and try to see if I can get a better attendance next. Two weeks from now, that's probably going to be the last one before the new year um and this time frame works for me. So I should be able to be here and uh we can. Unless there's any other topics, we can just end a little bit early.

C

I added one topic to the group section: this is this was about the discussion of renaming master to control plane, uh I'm not sure. If team, if you know there was a new working group that was created to work on this yeah items, uh they they were able to produce the so-called architectural design record, to make it more official uh like renames, like control, master control, plane or master, which can also be an administrator in terms of kubernetes, are back potentially renaming it to administrators, and so on. uh This will have separate uh architectural records.

C

I linked the master control plane one, and so this is kind of still draft, but basically they gave us the green light to proceed with the cube adm changes. So I just wanted to let the other su projects here know that it's kind of official at this point. So if you have any flags fields and so on, you should just start the deprecation.

G

Are you saying that kubernetes control plane is the new name, our main control plane? What is it master is dropped, but what is the replacement.

C

uh The document that I linked explains that master in terms of a master node is being renamed to master sorry to control, plane, node.

G

Okay, thank you I'll see that.

C

But again master can mean multiple things in kubernetes, so we will have separate documents that rename.

A

Any other.

A

Topics two months twice three times all right, um please follow up on the list. uh I will try to get some emails out to make sure we get better attendance next time and if you don't see in two weeks have a good holiday bye.